<?php

namespace App\Http\Middleware;

use Closure;
use http\Env\Response;
use Route;
use Auth;
class CheckRbac
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
//        如果是管理员权限就直接不用判断，所有的路由都可以访问
        if(Auth::guard('admin')->user()->role_id !='1'){
        //RBAC鉴权
        //phpinfo();输出phpinfo说明路由都从这里走了过去

        //获取当前的路由
        $route=Route::currentRouteAction();
        //获得当前用户对应的角色已经具备的权限，注意例外，（登陆页面）
        $ac=Auth::guard('admin')->user()->Role->auth_ac;
//        $ac=strtolower($ac.',indexcontroller@index,indexcontroller@welcome,indexcontroller@info,indexcontroller@dashboard');
        $ac=strtolower($ac.',indexcontroller@index,indexcontroller@welcome,indexcontroller@info');



        //判断权限
        $routeArr=explode('\\', $route);
        $current=strtolower(end($routeArr));
        //dd($current);
        //dd(strpos($ac, strtolower(end($routeArr)))); 
        if(strpos($ac, $current)=== false)
        { 
            
//            exit("<h1>对不起,您没有权限访问<h1 \>");
            return response()->view('admin.public.404');
        }

     }
        return $next($request);
    }
}
